Greedy Goblin

Saturday, October 8, 2016

Weekend minipost: Oh it's on

I've told you! Valve just got ruled against for tolerating gambling on its platform. As a bonus, they were especially called out for not enforcing their EULA and tolerating gambling bots, just as I told: having API usable by malicious third parties is an evidence of malice on the part of the company. They got a one week notice to take down all gambling third parties or face criminal charges.

@Anon: short answer: it doesn't matter what I or you think, it matters what the authorities think and they seem to agree with me.Long answer: current technology doesn't allow creating kitchen knifes that cannot be used for murders. So we only have the options of not being able to cut meat and to risk that bad people use them to cut human meat. On the other hand we can ban game APIs and still be able to play games via the client and still be able to analyze games via CSV files published by the developer every month. There is no need for up to date game data accessible for third party program access for any legitimate usage. At best it's a convenience for the dev (work harder punk) or a sign of malice.

Lenny already saw this coming and publicly announced that he was going to sell his IWI shares... He wanted to "concentrate on managing this trading citadel". You know, that citadel built by the remaining powerblocks, who unite their RMT activities rather than warring for power...You had a blog post regarding THAT citadel and I commented that Lenny probably "foresaw" a future ban of gambling schemes... Most likely DDQ "predator bird" showed him the errors of his ways over a beer that he originally wanted to pay you...

yep, nothing to see here, our server logs do not show anything suspicious. Everything works as intended...

actually providing apis is not malice.By the same standard, providing apis for trading, or even stock quotes could be considered malice.

CCP will just have to do a very few things:1. make a better registration process for accessing the apis (including personal data of the application token owner)2. on reported abuse of the api for gambling or other illegal things: ban that person, their keys and ban them from getting back to EVE.

As this is another kind of service they can actually create better, legally binding contracts that the eula is.

your war against APIs is ill placed in my opinion, why?

you complain that those with a skill in programming have an andvantage. Given that idea, you would have to remove any skill from a game that gives any player an advantage:- reaction time => skill that some are better at, has to be removed there is no need for realtime input for any legitimate usage- social skills, leading, ... there is no need for communication for any legitimate usage- knowledge and skills in economics => that is a type of thing that can give huge advantages the markets could be used as proxies for drug trafficing! there is no need for markets for any legitimate usage

you should realize that a game is not defined by its client. some games are even played in the browser!

The api is part of the game. It is not external. The developers at CCP decided that part of their game can be played this way.

All they have to do is to stop people abusing the system and reporting them to the authorities if appropriate.

To expand a bit on my previous comment: this is the extend of what the Steam API can do related to trading. Notice how there are 'Get', 'Decline' and 'Cancel' methods, but no 'Accept' or 'MakeOffer' ones.

So how do gambling site owners still get their bots to trade skins? Well, we are in luck, it's all open source.

So how does their makeOffer method look like? Like this. This probably doesn't mean a hole lot to you if you aren't a programmer, but essentially what is does is pretending to be a real human using the official steam website that makes a trading offer to someone.

So concluding: yes, there technically is a steam API. But does it enable trading bots? No, at best it makes them slightly easier to program, not really though.

What could Valve do to prevent such abuse of their website? Implement captchas or lower request limits.

What's the more realistic thing Valve will do? Ban accounts that trade hundreds of skins per day.

Nice report, but, I find the phrase "Law abiding citizen" to be reminiscent of "right-minded people" in its connotations.

Are you planning on issuing a lawsuit under Washington Law (as I have not seen any european judgments relating to this) if CCP do not comply by banning a site which Lenny actually has nothing to do with anymore.

Wait...please please please tell me that your whole vendetta against Lenny is not because you think he stole your limelight?

Because, if that is the case.....then that is a whole level of fragile ego beyond what went before. You left Eve. You moved on (allegedly), you are still angry that your name is not up in lights as the saviour of some pixels?

If it is not the case, then what was the point of that sentence?

Lenny does not own IWI. Lenny is not named on the site for IWI. Closing IWI down removes someone who you would be hard pushed to recognise.

@Hanura: captchas are industry standard. Not implementing them shows tolerance towards bots. Remember that BDO had captcha in the game client market interface.

@Anon: there are many wrongs in the World and I can't fight all of them. I admit that I choose to fight this one because of Lenny and Falcon. Without them, I'd probably fight another wrongs and still play EVE. Should I be a saint you say?

CAPTCHAs are industry standard for account registration and alike, not for interface actions. BDO is the only game that I'm aware of that does this sort of thing.

Again I'm not claiming that Valve didn't act maliciously, as they tolerated gambling sites and their bots. They should've punished all those that engaged in said activities, as finding accounts that trade skins over and over is not hard. Hell, gambling sites didn't even try to hide what they were doing.

I do however argue that none of this has anything inherently do to with APIs, official or not.

Personal option. Reading info should be not restricted. If you want to copy entire library, you are allowed to do so and using computers to help on that job is not malicious. Thats a topic for freedom of speech. But on other hand, changing a library with bots IS malicious and should be discouraged. There should be restrictions what goes to library, not just high amount of nonsense. Peer reviews are the best, but hard to make on practice. As a alternative, it costs to publish something. Some kind of broker fee can be game money, like in WoW, EvE or BDO, or real money, like in etoro, a market or any other stock exchange. Systems what allow bots to change library will sooner or later run over by bots who spam them.

Basically, with APIs its easily possible both to "make knives that cannot be used for murders" (read-only APIs) and "prevent murders completely by other means, even if a dangerous knife is used" (logs, captchas, properly controlling the system).

Therefore, even if knives are indeed not required for "cutting meat" (playing the game), there's no need to ban them. To make a crime happen, you need to simultaneously 1) have a dangerous knife (unsafe API) 2) deliberately take action to make it impossible to prevent the crime (ignore safety measures, ignore logs, ignore player reports) -- and that's exactly what happened both in Valve's and CCP's cases.

Maybe "guns don't kill, people do" is not always valid, but in this case it is. I protect APIs but not Valve and CCP -- a company needs to go a long way (of incompetence or malicious intent, doesn't matter) to make it possible to abuse their APIs. So if that happens, the ones responsible must be punished.

Actually, if devs don't control their shit, no APIs are needed, bastards will do their dirty business with bots easily, like Hanura already explained. Having a proper API does not raise risk, having an improper API raises it just a bit. Not controlling shit is what raises risk the most.

Please go on ahead with this! Gambling ISK had a way too large influence on EVE already.

In Germany, there is a law against unlicensed gambling as well. Since EVE and IWI are both accessible in Germany, and since "EVE Germany" (a player gathering) was sponsored by IWI, I think there may be a case for the German authorities as well.

IS there a website available where the functioning of IWI can be read and understood by somone who does not know EVE, but would know what constitutes illegal gambling?

I'd not have bothered to warn them. The authorities would have taken you more seriously. As it is, you're going to have a hard time getting them to actually look into this, and they likely won't talk about it with you or publicly unless they decide to go as far with it as they did Valve. They're trying to send a message, not clean up every game gambling site one at a time- they went for Valve, which is a big fish.